When you have installed Really Simple SSL pro, you will get a bunch of new options. Users sometimes ask: “Which headers should I enable, and why isn’t it all enabled by default?” We’ll start auto-enabling these as much as possible as of the next version, but this is not always possible. For example, Content Security Policy has to be configured cautiously. We have made this as easy as possible by handling the detection of possible issues automatically, but in the end you need to decide whether a URL should be allowed or not.
In this security headers article we’ve discussed each header and given it a “recommended” or “advanced” flag. If you’re not very experienced, you can still enable these without having to configure a lot of settings. Just enable the switch and you’re done!
- Expect-CT, Certificate Transparency
- No Referrer When Downgrade header
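
The per-URL decision that Content Security Policy requires, mentioned above, is easier to make when violation reports are grouped by directive and blocked source. The following is an added example, not Really Simple SSL's own code: it summarizes constructed reports in the standard `csp-report` JSON shape, and the function names are hypothetical.

```javascript
// Constructed sample reports; the last two are malformed or hostile input.
const sampleReports = [
  { "csp-report": { "effective-directive": "script-src", "blocked-uri": "https://cdn.example.net/lib/app.js" } },
  { "csp-report": { "effective-directive": "script-src", "blocked-uri": "https://cdn.example.net/lib/cart.js" } },
  { "csp-report": { "effective-directive": "img-src", "blocked-uri": "https://images.example.org/logo.png" } },
  { "csp-report": { "effective-directive": "script-src-elem", "blocked-uri": "inline" } },
  { "csp-report": { "violated-directive": "font-src 'self'", "blocked-uri": "data" } },
  { "not-a-report": true },
  { "csp-report": { "effective-directive": "__proto__", "blocked-uri": "https://x.example.net/a.js" } },
];

// Reduce a blocked-uri to what would go in a policy: the origin for a URL,
// or the value itself ("inline", "eval", "data") when it is not a URL.
function sourceOf(blockedUri) {
  try {
    const u = new URL(blockedUri);
    return u.origin === "null" ? u.protocol : u.origin;
  } catch { return blockedUri; } // keywords such as "inline" are not URLs
}

// Returns { directive: { source: count } }. Reports are untrusted input, so
// directive names are validated and null-prototype objects are used as maps.
function summarize(reports) {
  const summary = Object.create(null);
  for (const r of reports) {
    const body = r && r["csp-report"];
    if (!body || typeof body["blocked-uri"] !== "string") continue;
    const raw = body["effective-directive"] || body["violated-directive"] || "";
    const directive = String(raw).split(" ")[0];
    if (!/^[a-z]+(-[a-z]+)*$/.test(directive)) continue;
    const source = sourceOf(body["blocked-uri"]);
    summary[directive] = summary[directive] || Object.create(null);
    summary[directive][source] = (summary[directive][source] || 0) + 1;
  }
  return summary;
}

// Split the summary for review: inline/eval are listed apart because allowing
// them weakens the policy far more than allowing one additional origin.
function reviewList(summary) {
  const candidates = [], risky = [];
  for (const [directive, sources] of Object.entries(summary)) {
    for (const [source, count] of Object.entries(sources)) {
      const target = (source === "inline" || source === "eval") ? risky : candidates;
      target.push({ directive, source, count });
    }
  }
  return { candidates, risky };
}
console.log(JSON.stringify(reviewList(summarize(sampleReports)), null, 2));
```

Each entry under `candidates` is one allow-or-deny decision; the whole origin is listed rather than the individual file because a policy source normally covers the origin.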